Hello Khem Raj, Several new CVEs have been assigned to go-binary-native package (as listed below). Based on the recipe, it’s been observed that it uses prebuilt instead of being built from source code. Can you please help to understand the procedures and how we can address applicable CVEs for these packages? Do we have any identified plan to address it? CVEs affecting go-binary-native:
1. CVE-2025-4674 (CVSS 8.6) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4674 2. CVE-2025-47906 (CVSS 6.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47906 3. CVE-2025-47907 (CVSS 7.0) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47907 4. CVE-2025-47912 (CVSS 5.3) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-47912 5. CVE-2025-58185 (CVSS 5.3) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58185 6. CVE-2025-58187 (CVSS 7.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58187 7. CVE-2025-58188 (CVSS 7.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58188 8. CVE-2025-58189 (CVSS 5.3) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-58189 9. CVE-2025-61723 (CVSS 7.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61723 10. CVE-2025-61724 (CVSS 5.3) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61724 11. CVE-2025-61726 (CVSS 7.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61726 12. CVE-2025-61727 (CVSS 6.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61727 13. CVE-2025-61728 (CVSS 6.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61728 14. CVE-2025-61729 (CVSS 7.5) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61729 15. CVE-2025-61730 (CVSS 5.3) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61730 16. CVE-2025-61731 (CVSS 7.8) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61731 17. CVE-2025-68119 (CVSS 7.0) – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-68119 18. CVE-2025-22873 (CVSS3: 3.8) - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-22873 19. CVE-2025-61732 (CVSS3: 8.6) - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-61732 20. CVE-2025-68121 (CVSS3: 10.0) - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-68121 Thanks for the guidance. Regards, Deepak Rathore
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231022): https://lists.openembedded.org/g/openembedded-core/message/231022 Mute This Topic: https://lists.openembedded.org/mt/117772424/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
